mac80211: Restore rx.fc before every invocation of ieee80211_invoke_rx_handlers
authorHelmut Schaa <hschaa@suse.de>
Fri, 21 Dec 2007 14:16:35 +0000 (15:16 +0100)
committerDavid S. Miller <davem@davemloft.net>
Mon, 28 Jan 2008 23:00:50 +0000 (15:00 -0800)
This patch fixes a problem with rx handling on multiple interfaces. Especially
when using hardware-scanning and a wireless driver (i.e. iwlwifi) which is
able to receive data while scanning.

The rx handlers can modify the skb and the frame control field (see
ieee80211_rx_h_remove_qos_control) but since every interface gets its own
copy of the skb each should get its own copy of rx.fc too.

In my case the wlan0-interface did not remove the qos-control from the frame
because the corresponding flag in rx.fc was already removed while processing
the frame on the master interface. Therefore somehow corrupted frames were
passed to the userspace.

Signed-off-by: Helmut Schaa <hschaa@suse.de>
Acked-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/mac80211/rx.c

index 505159f8dffc31ffa14f94da6e8a0aa29d88e0cb..306e6fc25d8f62f7a2f2b6f31c5faa072f61344d 100644 (file)
@@ -1746,6 +1746,7 @@ void __ieee80211_rx(struct ieee80211_hw *hw, struct sk_buff *skb,
                                       prev->dev->name);
                        continue;
                }
+               rx.fc = le16_to_cpu(hdr->frame_control);
                rx.skb = skb_new;
                rx.dev = prev->dev;
                rx.sdata = prev;
@@ -1754,6 +1755,7 @@ void __ieee80211_rx(struct ieee80211_hw *hw, struct sk_buff *skb,
                prev = sdata;
        }
        if (prev) {
+               rx.fc = le16_to_cpu(hdr->frame_control);
                rx.skb = skb;
                rx.dev = prev->dev;
                rx.sdata = prev;